Ensure RDS instances are not publicly accessible

Error: RDS instances are publicly accessible

Bridgecrew Policy ID: BC_AWS_PUBLIC_10
Severity: HIGH

Description

AWS RDS is a managed DB service enabling quick deployment and management of MySQL, MariaDB, PostgreSQL, Oracle, and Microsoft SQL Server DB engines.

We recommend you encrypt RDS functions as an additional layer of data protection against unauthorized access to its storage. RDS native encryption helps protect your applications deployed in the cloud and easily fulfills compliance requirements for data-at-rest encryption.

Fix - Runtime

AWS Console

To change the policy using the AWS Console, follow these steps:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com/.
  2. Open the Amazon RDS console.
  3. On the navigation pane, click Snapshots.
  4. Select the snapshot to encrypt.
  5. Navigate to Snapshot Actions, then select Copy Snapshot.
  6. Select your Destination Region, then enter your New DB Snapshot Identifier.
  7. Set Enable Encryption to Yes.
  8. Select your Master Key from the list, then select Copy Snapshot.
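
The following is an added example, not Bridgecrew's own check code: it audits RDS API output for the two conditions this page covers, public accessibility and unencrypted storage, and marks which unencrypted snapshots are ready for the copy-with-encryption steps above. The sample records are constructed; the field names are those returned by the RDS `DescribeDBInstances` and `DescribeDBSnapshots` APIs.

```python
# Added example: offline audit of RDS describe-* output (sample data is constructed).

SAMPLE_INSTANCES = [  # constructed, shaped like DescribeDBInstances["DBInstances"]
    {"DBInstanceIdentifier": "orders-db", "PubliclyAccessible": True, "StorageEncrypted": False},
    {"DBInstanceIdentifier": "billing-db", "PubliclyAccessible": False, "StorageEncrypted": True},
    {"DBInstanceIdentifier": "legacy-db", "StorageEncrypted": False},  # exposure flag missing
]
SAMPLE_SNAPSHOTS = [  # constructed, shaped like DescribeDBSnapshots["DBSnapshots"]
    {"DBSnapshotIdentifier": "orders-snap-1", "Encrypted": False, "Status": "available"},
    {"DBSnapshotIdentifier": "orders-snap-2", "Encrypted": False, "Status": "creating"},
    {"DBSnapshotIdentifier": "billing-snap-1", "Encrypted": True, "Status": "available"},
]


def audit_rds(instances, snapshots):
    """Return a list of (resource_id, finding_code) tuples."""
    findings = []
    for db in instances:
        name = db.get("DBInstanceIdentifier", "<unknown>")
        public = db.get("PubliclyAccessible")
        if public is True:
            findings.append((name, "PUBLIC"))
        elif public is not False:
            # Fail closed: a missing or malformed flag is reported, not assumed safe.
            findings.append((name, "PUBLIC_UNKNOWN"))
        if db.get("StorageEncrypted") is not True:
            findings.append((name, "UNENCRYPTED_STORAGE"))

    for snap in snapshots:
        if snap.get("Encrypted") is True:
            continue
        sid = snap.get("DBSnapshotIdentifier", "<unknown>")
        # A snapshot can only be copied (with encryption enabled) once it is "available".
        if snap.get("Status") == "available":
            findings.append((sid, "SNAPSHOT_NEEDS_ENCRYPTED_COPY"))
        else:
            findings.append((sid, "SNAPSHOT_UNENCRYPTED_NOT_AVAILABLE"))
    return findings


if __name__ == "__main__":
    for resource, code in audit_rds(SAMPLE_INSTANCES, SAMPLE_SNAPSHOTS):
        print(f"{code:36} {resource}")
```

Against a live account, pass in the `DBInstances` and `DBSnapshots` lists returned by boto3's `describe_db_instances()` and `describe_db_snapshots()` in place of the sample data.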